I'm trying to setup my server so that port 5432 (Postgres) is accessible only from localhost. So I've denied everything, and added back port 5432, however I cannot connect to it.
Here is my UFW config:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
127.0.0.1 5432 ALLOW IN 127.0.0.1
22 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
80 ALLOW OUT Anywhere
22 ALLOW OUT Anywhere
443 ALLOW OUT Anywhere
53 ALLOW OUT Anywhere
33434:33524/udp ALLOW OUT Anywhere
127.0.0.1 5432 ALLOW OUT 127.0.0.1
80 (v6) ALLOW OUT Anywhere (v6)
22 (v6) ALLOW OUT Anywhere (v6)
443 (v6) ALLOW OUT Anywhere (v6)
53 (v6) ALLOW OUT Anywhere (v6)
33434:33524/udp (v6) ALLOW OUT Anywhere (v6)
And netstat:
$ netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp6 0 0 :::55056 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
Just to confirm it's really ufw that prevents the connection, since if I disable it it works fine. Any idea what I am missing?